Privacy Act of 1974; System of Records, 32786-32789 [2019-14605]

SYSTEM NAME AND NUMBER
    PBGC--26: PBGC Insider Threat and Data Loss Prevention--PBGC

Security Classification
    Unclassified

System Location
    Pension Benefit Guaranty Corporation (PBGC), 1200 K Street NW,
Washington, DC 20005. (Records may be kept at an additional location as
backup for continuity of operations.)

System Manager(s) and Address
    Chief Information Officer, Office of Information Technology, PBGC,
1200 K Street NW, Washington, DC 20005.

Authority for Maintenance of the System
    29 U.S.C. 1302(b)(3); 5 U.S.C. 301; 44 U.S.C. 3101; 44 U.S.C. 3554;
Executive Order 13587, Structural Reforms To Improve the Security of
Classified Networks and the Responsible Sharing and Safeguarding of
Classified Information (Oct. 7, 2011); Presidential Memorandum--
National Insider Threat Policy and Minimum Standards for Executive
Branch Insider Threat Programs (Nov. 21, 2012); Executive Orders 13488
and 13467, as amended by 13764, To Modernize the Executive Branch-Wide
Governance Structure and Processes for Security Clearances, Suitability
and Fitness for Employment, and Credentialing, and Related Matters;
Executive Order 3356, Controlled Unclassified Information (Nov. 4,
2010); 5 CFR part 731; 5 CFR part 302; OMB Circular A-130 (July 28,
2016); National Institute of Standards and Technology Special
Publication 800-53.

Purpose(s) of the System
    The purpose of the system is to detect anomalous behavior by PBGC
insiders and, as warranted, gather information from sources or existing
PBGC systems of records to support an investigation of the incident.

Categories of Individuals Covered by the System
    The categories of individuals covered by this system are PBGC
insiders, defined as any person with authorized access to any PBGC
resource including facilities, information, equipment, networks, or
systems.

Categories of Records in the System
    A. The System Will Contain These Categories of Records
    Information collected through user activity monitoring, including
keystrokes, screen captures, and content transmitted via email, chat,
or data import or export.
    Reports of investigation regarding security violations and privacy
breaches, including incident reports; usernames and aliases, levels of
network access, audit data, information regarding misuse of PBGC
devices, information regarding unauthorized use of removable media, and
logs of printer, copier, and facsimile machine use.
    Records relating to the management and operation of PBGC personnel
and physical security, including information relating to continued
eligibility for access to PBGC facilities, information, and information
systems.
    Information identifying threats to PBGC personnel, property,
facilities, and information; information obtained from the Department
of Justice, the Federal Bureau of Investigation, or from other agencies
or organizations about individuals known or suspected of being engaged
in conduct constituting, preparing for, aiding, or relating to an
insider threat, including espionage or unauthorized disclosure of
personally identifiable information (PII).
    B. The System May Include These Categories of Records
    Publicly available information, such as information regarding:
Arrests and detentions; real property; bankruptcy; liens or holds on
property; vehicles; licensure (including professional and pilot's
licenses, firearms and explosive permits); business licenses and
filings; and from social media.
    Reports furnished to the PBGC, or collected by PBGC, in connection
with personnel security investigations and Insider Threat Detection
Program operated by PBGC pursuant to Federal laws and Executive Orders,
rules, regulations, guidance, and PBGC policies.
    Documentation pertaining to investigative or analytical efforts by
PBGC Insider Threat Program Personnel to identify threats to PBGC
personnel, property, facilities, and information.
    Intelligence reports and database query results relating to
individuals covered by this system.

Record Source Categories
    To monitor for, identify, and respond to potential insider threats,
information in the system will be received on an as needed basis from
PBGC employees, contractors, vendors, interns, and detailees; officials
from other foreign, federal, tribal, state, and local government
agencies and organizations; non-government, commercial, public, and
private agencies and organizations; complainants, informants, suspects,
and witnesses; and from relevant records, including counterintelligence
and security databases and files; personnel security databases and
files; PBGC human resources databases and files; PBGC contractor files;
PBGC's Office of Information Technology; information collected through
user activity monitoring; PBGC telephone usage records; federal, state,
tribal, territorial, and local law enforcement and investigatory
records; Inspector General records; available U.S. Government
intelligence and counterintelligence reporting information and analytic
products pertaining to adversarial threats; other Federal agencies; and
publicly available information.

Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses
    Information about covered individuals may be disclosed without
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 522a(b), and:
    1. General Routine Uses G1 through G14 apply to this system of
records (see Prefatory Statement of General Routine Uses).
    2. Records may be disclosed to any person, organization, or
governmental entity in order to notify them of a serious threat for the
purpose of guarding against or responding to the threat.
    3. Records may be disclosed to a federal, state, or local agency,
or other appropriate entities or individuals, or through established
liaison channels to selected foreign governments, in order to enable
the intelligence agency with the relevant authority and responsibility
for the matter to carry out its responsibilities under the National
Security Act of 1947 as amended, the CIA act of 1949 as emended,
Executive Order 12333 or any successor order, applicable national
security directives, or classified implementing procedures approved by
the Attorney General and promulgated pursuant to such statutes, orders
or directives.
    4. Records may be disclosed to the U.S. Department of Homeland
Security (DHS) if captured in an intrusion detection system used by
PBGC and DHS pursuant to a DHS cybersecurity program that monitors
internet traffic to and from federal government computer networks to
prevent a variety of types of cybersecurity incidents.

Policies and Practices for Storage of Records
    Records are maintained in electronic form (including computer
databases or discs). Records may also be maintained on back-up tapes,
or on a PBGC or a contractor-hosted network.

Policies and Practices for Retrieval of Records
    Information from this system may be retrieved by numerous data
elements and key word searches, including, but not limited to name,
dates, subject, and other information retrievable with full text
searching capability.

Administrative, Technical, and Physical Safeguards
    PBGC has established security and privacy protocols that meet the
required security and privacy standards issued by the National
Institute of Standards and Technology (NIST). Records are maintained in
a secure, password protected electronic system that utilizes security
hardware and software to include multiple firewalls, active intruder
detection, and role-based access controls. PBGC has adopted appropriate
administrative, technical, and physical controls in accordance with
PBGC's security program to protect the confidentiality, integrity, and
availability of the information, and to ensure that records are not
disclosed to or accessed by unauthorized individuals.
    Electronic records are stored on computer networks, which may
include cloud-based systems, and protected by controlled access with
Personal Identity Verification (PIV) cards, assigning user accounts to
individuals needing access to the records and by passwords set by
authorized users that must be changed periodically.

Policies and Practices for Retention and Disposal of Records
    The records in this system of records are covered by National
Archives and Records Administration General Records Schedule 5.6, items
210, 220, 230, and 240.

Record Access Procedures
    Individuals, or third parties with written authorization from the
individual, wishing to request access to their records in accordance
with 29 CFR 4902.4, should submit a written request to the Disclosure
Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their
name, address, date of birth, and verification of their identity in
accordance with 29 CFR 4902.3(c).

Contesting Record Procedures
    Individuals, or third parties with written authorization from the
individual, wishing to amend their records must submit a written
request identifying the information they wish to correct in their file,
in addition to following the requirements of the Record Access
Procedure above.

Notification Procedures
    Individuals, or third parties with written authorization from the
individual, wishing to learn whether this system of records contains
information about them should submit a written request to the
Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005,
providing their name, address, date of birth, and verification of their
identity in accordance with 29 CFR 4902.3(c).

Exemptions Promulgated for the System
    Pursuant to 5 U.S.C. 552a(k)(2), PBGC has established regulations
at 29 CFR 4902.12 that exempt records in this system depending on their
purpose.

History
    None.

[FR Doc. 2019-14605 Filed 7-8-19; 8:45 am]
BILLING CODE 7709-02-P


[Federal Register Volume 84, Number 131 (Tuesday, July 9, 2019)]
[Notices]
[Pages 32786-32789]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-14605]


=======================================================================
-----------------------------------------------------------------------

PENSION BENEFIT GUARANTY CORPORATION


Privacy Act of 1974; System of Records

AGENCY: Pension Benefit Guaranty Corporation.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Pension Benefit Guaranty Corporation (PBGC) is proposing 
the following changes to its system of records notices to establish a 
new system of records PBGC-26: PBGC Insider Threat and Data Loss 
Prevention. The new system of records will cover records about 
individuals, retrieved by personal identifier, which are compiled and 
used by PBGC's 
Insider Threat and Data Loss Prevention teams, to administer PBGC's 
insider threat and data loss prevention programs. Because records in 
this system include investigatory material compiled for law enforcement 
purposes, elsewhere in this issue of the Federal Register PBGC has 
published a final rule to exempt this system of records from certain 
requirements of the Privacy Act. The system of records is more fully 
described in the SUPPLEMENTARY INFORMATION section of this notice 
and in the System of Records Notice (SORN) published in this notice.

DATES: Comments must be received on or before August 8, 2019. The 
system of records described herein will become effective July 9, 2019, 
without further notice, unless comments result in a contrary 
determination and a notice is published to that effect.

ADDRESSES: You may submit written comments to PBGC by any of the 
following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the website instructions for submitting comments.
     Email: reg.comments@pbgc.gov. Refer to SORN in the subject 
line.
     Mail or Hand Delivery: Regulatory Affairs Division, Office 
of the General Counsel, Pension Benefit Guaranty Corporation, 1200 K 
Street NW, Washington, DC 20005-4026.
    All submissions must include the agency's name (Pension Benefit 
Guaranty Corporation, or PBGC) and refer to ``SORN.'' All comments 
received will be posted without change to PBGC's website, www.pbgc.gov, 
including any personal information provided. Copies of comments may 
also be obtained by writing to Disclosure Division, Office of the 
General Counsel, Pension Benefit Guaranty Corporation, 1200 K Street 
NW, Washington, DC 20005-4026, or calling 202-326-4040 during normal 
business hours. (TTY users may call the Federal relay service toll-free 
at 1-800-877-8339 and ask to be connected to 202-326-4040.)

FOR FURTHER INFORMATION CONTACT: Margaret Drake, Chief Privacy Officer, 
Pension Benefit Guaranty Corporation, Office of the General Counsel, 
1200 K Street NW, Washington, DC 20005, 202-326-4400, extension 6435. 
For access to any of PBGC's system of records, contact D. Camilla 
Perry, Disclosure Officer, Office of the General Counsel, Disclosure 
Division, 1200 K Street NW, Washington DC 20005, or by calling 
202-326-4040.

SUPPLEMENTARY INFORMATION: PBGC is proposing to establish a new system 
of records titled, ``PBGC-26, PBGC Insider Threat and Data Loss 
Prevention--PBGC.'' Executive Order 13587, issued on October 7, 2011, 
mandated that agencies with classified networks establish insider 
threat programs. While PBGC does not have any classified networks, it 
does maintain a significant amount of Controlled Unclassified 
Information (CUI) that, under law, it is required to safeguard from 
unauthorized access or disclosure. One method utilized by PBGC to 
ensure that only those with a need-to-know have access to CUI is a set 
of tools to minimize data loss, whether inadvertent or intentional.
    Working from the Minimum Standards set forth in the Presidential 
Memorandum--National Insider Threat Policy and Minimum Standards for 
Executive Branch Insider Threat Programs (Nov. 21, 2012), PBGC is also 
establishing an Insider Threat Program. While PBGC is not legally 
mandated to deploy an insider threat program, the principles developed 
by the National Institute of Standards and Technology and the National 
Insider Threat Task Force ``can also be employed effectively to improve 
the security of Controlled Unclassified Information in non-national 
security systems.'' An ``insider'' is any individual authorized to 
access PBGC facilities, information, equipment, and systems. This 
includes Federal employees and contractors. An ``insider threat'' 
occurs when that individual exceeds their authorized access, 
intentionally or not, or uses information for an improper purpose, 
including, but not limited to, personal gain, which ``negatively 
affect[s] the confidentiality, integrity, or availability'' of PBGC 
data.
    The records that PBGC will compile to administer its data loss 
prevention and insider threat programs may be from any PBGC program, 
record, or source, and may contain records pertaining to information 
security, personnel security, or physical security. The records covered 
under PBGC-26, PBGC Insider Threat and Data Loss Prevention--PBGC, 
include investigatory material compiled for law enforcement purposes. 
Accordingly, PBGC has published a Final Rule in the Federal Register to 
exempt such material in the new system or record from certain 
requirements under the Privacy Act of 1974 (5 U.S.C. 552a), based on 
subsection (k)(2) of the Act.
    The collection and maintenance of these records is new. The 
implementation of this new system of records will be effective on July 
9, 2019.

    Issued in Washington, DC.
Gordon Hartogensis,
Director, Pension Benefit Guaranty Corporation.

System Name and Number
    PBGC--26: PBGC Insider Threat and Data Loss Prevention--PBGC

Security Classification
    Unclassified

System Location
    Pension Benefit Guaranty Corporation (PBGC), 1200 K Street NW, 
Washington, DC 20005. (Records may be kept at an additional location as 
backup for continuity of operations.)

System Manager(s) and Address
    Chief Information Officer, Office of Information Technology, PBGC, 
1200 K Street NW, Washington, DC 20005.

Authority for Maintenance of the System
    29 U.S.C. 1302(b)(3); 5 U.S.C. 301; 44 U.S.C. 3101; 44 U.S.C. 3554; 
Executive Order 13587, Structural Reforms To Improve the Security of 
Classified Networks and the Responsible Sharing and Safeguarding of 
Classified Information (Oct. 7, 2011); Presidential Memorandum--
National Insider Threat Policy and Minimum Standards for Executive 
Branch Insider Threat Programs (Nov. 21, 2012); Executive Orders 13488 
and 13467, as amended by 13764, To Modernize the Executive Branch-Wide 
Governance Structure and Processes for Security Clearances, Suitability 
and Fitness for Employment, and Credentialing, and Related Matters; 
Executive Order 3356, Controlled Unclassified Information (Nov. 4, 
2010); 5 CFR part 731; 5 CFR part 302; OMB Circular A-130 (July 28, 
2016); National Institute of Standards and Technology Special 
Publication 800-53.

Purpose(s) of the System
    The purpose of the system is to detect anomalous behavior by PBGC 
insiders and, as warranted, gather information from sources or existing 
PBGC systems of records to support an investigation of the incident.

Categories of Individuals Covered by the System
    The categories of individuals covered by this system are PBGC 
insiders, defined as any person with authorized access to any PBGC 
resource including facilities, information, equipment, networks, or 
systems.

Categories of Records in the System
A. The System Will Contain These Categories of Records
    Information collected through user activity monitoring, including 
keystrokes, screen captures, and content transmitted via email, chat, 
or data import or export.
    Reports of investigation regarding security violations and privacy 
breaches, including incident reports; usernames and aliases, levels of 
network access, audit data, information regarding misuse of PBGC 
devices, information regarding unauthorized use of removable media, and 
logs of printer, copier, and facsimile machine use.
    Records relating to the management and operation of PBGC personnel 
and physical security, including information relating to continued 
eligibility for access to PBGC facilities, information, and information 
systems.
    Information identifying threats to PBGC personnel, property, 
facilities, and information; information obtained from the Department 
of Justice, the Federal Bureau of Investigation, or from other agencies 
or organizations about individuals known or suspected of being engaged 
in conduct constituting, preparing for, aiding, or relating to an 
insider threat, including espionage or unauthorized disclosure of 
personally identifiable information (PII).

B. The System May Include These Categories of Records
    Publicly available information, such as information regarding: 
Arrests and detentions; real property; bankruptcy; liens or holds on 
property; vehicles; licensure (including professional and pilot's 
licenses, firearms and explosive permits); business licenses and 
filings; and from social media.
    Reports furnished to the PBGC, or collected by PBGC, in connection 
with personnel security investigations and the Insider Threat Detection 
Program operated by PBGC pursuant to Federal laws and Executive Orders, 
rules, regulations, guidance, and PBGC policies.
    Documentation pertaining to investigative or analytical efforts by 
PBGC Insider Threat Program Personnel to identify threats to PBGC 
personnel, property, facilities, and information.
    Intelligence reports and database query results relating to 
individuals covered by this system.

Record Source Categories
    To monitor for, identify, and respond to potential insider threats, 
information in the system will be received on an as-needed basis from 
PBGC employees, contractors, vendors, interns, and detailees; officials 
from other foreign, federal, tribal, state, and local government 
agencies and organizations; non-government, commercial, public, and 
private agencies and organizations; complainants, informants, suspects, 
and witnesses; and from relevant records, including counterintelligence 
and security databases and files; personnel security databases and 
files; PBGC human resources databases and files; PBGC contractor files; 
PBGC's Office of Information Technology; information collected through 
user activity monitoring; PBGC telephone usage records; federal, state, 
tribal, territorial, and local law enforcement and investigatory 
records; Inspector General records; available U.S. Government 
intelligence and counterintelligence reporting information and analytic 
products pertaining to adversarial threats; other Federal agencies; and 
publicly available information.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses
    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 522a(b), and:
    1. General Routine Uses G1 through G14 apply to this system of 
records (see Prefatory Statement of General Routine Uses).
    2. Records may be disclosed to any person, organization, or 
governmental entity in order to notify them of a serious threat for the 
purpose of guarding against or responding to the threat.
    3. Records may be disclosed to a federal, state, or local agency, 
or other appropriate entities or individuals, or through established 
liaison channels to selected foreign governments, in order to enable 
the intelligence agency with the relevant authority and responsibility 
for the matter to carry out its responsibilities under the National 
Security Act of 1947 as amended, the CIA Act of 1949 as amended, 
Executive Order 12333 or any successor order, applicable national 
security directives, or classified implementing procedures approved by 
the Attorney General and promulgated pursuant to such statutes, orders 
or directives.
    4. Records may be disclosed to the U.S. Department of Homeland 
Security (DHS) if captured in an intrusion detection system used by 
PBGC and DHS pursuant to a DHS cybersecurity program that monitors 
internet traffic to and from federal government computer networks to 
prevent a variety of types of cybersecurity incidents.

Policies and Practices for Storage of Records
    Records are maintained in electronic form (including computer 
databases or discs). Records may also be maintained on back-up tapes, 
or on a PBGC or a contractor-hosted network.

Policies and Practices for Retrieval of Records
    Information from this system may be retrieved by numerous data 
elements and keyword searches, including, but not limited to, name, 
dates, subject, and other information retrievable with full-text 
searching capability.

Administrative, Technical, and Physical Safeguards
    PBGC has established security and privacy protocols that meet the 
required security and privacy standards issued by the National 
Institute of Standards and Technology (NIST). Records are maintained in 
a secure, password protected electronic system that utilizes security 
hardware and software to include multiple firewalls, active intruder 
detection, and role-based access controls. PBGC has adopted appropriate 
administrative, technical, and physical controls in accordance with 
PBGC's security program to protect the confidentiality, integrity, and 
availability of the information, and to ensure that records are not 
disclosed to or accessed by unauthorized individuals.
    Electronic records are stored on computer networks, which may 
include cloud-based systems, and protected by controlled access with 
Personal Identity Verification (PIV) cards, assigning user accounts to 
individuals needing access to the records and by passwords set by 
authorized users that must be changed periodically.

Policies and Practices for Retention and Disposal of Records
    The records in this system of records are covered by National 
Archives and Records Administration General Records Schedule 5.6, items 
210, 220, 230, and 240.

Record Access Procedures
    Individuals, or third parties with written authorization from the 
individual, wishing to request access to their records in accordance 
with 29 CFR 4902.4, should submit a written request to the Disclosure 
Officer, PBGC, 1200 K Street NW, Washington, DC 20005, providing their 
name, address, date of birth, and verification of their identity in 
accordance with 29 CFR 4902.3(c).

Contesting Record Procedures
    Individuals, or third parties with written authorization from the 
individual, wishing to amend their records must submit a written 
request identifying the information they wish to correct in their file, 
in addition to following the requirements of the Record Access 
Procedure above.

Notification Procedures
    Individuals, or third parties with written authorization from the 
individual, wishing to learn whether this system of records contains 
information about them should submit a written request to the 
Disclosure Officer, PBGC, 1200 K Street NW, Washington, DC 20005, 
providing their name, address, date of birth, and verification of their 
identity in accordance with 29 CFR 4902.3(c).

Exemptions Promulgated for the System
    Pursuant to 5 U.S.C. 552a(k)(2), PBGC has established regulations 
at 29 CFR 4902.12 that exempt records in this system depending on their 
purpose.

History
    None.

[FR Doc. 2019-14605 Filed 7-8-19; 8:45 am]
BILLING CODE 7709-02-P